JP2002528801A - Remote access and security system - Google Patents

Abstract

  (57) [Summary] Methods and systems for remotely controlling access to high value units. The system includes central control means for holding control data regarding access control to one or more high value units performed by an associated access control device, between the central control means and the operator control device and between the operator control device and the access control device. Remote control means is provided between the control devices. The control data includes an identification structure of the access control device that defines an allowable operation, and access control data that defines operator control of the access control device. This access control device cannot be accessed until the identification structure is loaded and implemented. The identification structure may be encrypted so that only the central control means and the access control device can decrypt it, thereby forming a virtual configuration link between the central control means and the access control device via the operator control device. Only the operator control device can access the access control data.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

【Technical field】

The present invention relates to a remotely operable access and security system.

[0002]

[Background Art]

There are many situations in which it is desirable for an owner, operator, or manager to be able to control access to valuable items, wherever and by whom. There are also many security systems available. Generally, security systems control who has access to valuable items. For example, access to places such as buildings by selected persons, such as employees, access to vaults such as safes and vaults, access to vehicles, access to information and data on personal computers and databases Access. However,
This is just one example.

In some situations, existing security systems allow for remote access to certain locations. In other systems, such as automotive electronically controlled alarms and locks, valuable items can be moved and their access can be controlled at a local level only by preselected operators.

[0004] However, one or more items that need to be accessed by a range of different people who are not in a certain location and / or possibly in different environments, as well as the owner / operator / administrator, There are many situations where security is needed for one or more items that want to retain control over who accesses where and when. In order to achieve this flexibility, the lock must have different characteristics at different times and places.

[0005] Currently, a well-known system that allows access control to the location of a movable item is to provide a programmable key that can communicate with a lock via a local area communication system. Such a system is disclosed in U.S. Pat. No. 4,766,
746. This key allows one or more locks, each programmed with a unique identification number, to be released by an authorizing person or system via the wide area network. Also, a pin or access number is required to confirm that the authorized user has the key. The key then contacts the lock and indicates release.

[0006] The key may also be programmed with information to reconfigure the characteristics of the lock, for example, during any period during which the lock is not scheduled to be released. This feature provides greater functional flexibility for the lock and eliminates the need to reprogram the lock at a central business location.

However, at present, this type of security system requires the operator to program a lock, in particular. To do so, someone must go to a location in the lock's local area communication system so that it can be reconfigured by communicating with the lock. Such a reconfiguration may take place shortly after someone wants to get into the lock, but the person does not know how the lock is being reconfigured. Alternatively, the person may forget to reconfigure the lock, or may not be able to rely on the reconfiguration of the lock, after which valuable items may be accessed. Thus, the risk of a breach of security results because no reconfiguration has taken place.

[0008] Another disadvantage with this method is that the control information about the lock is readable by the key and is therefore susceptible to eavesdropping. For this reason, the security of the lock is compromised, for example, by allowing other people to identify when the lock is released.

In addition, such systems provide simultaneous central control access to a single valuable unit or location by multiple operators, and simultaneous central control access to multiple valuable units by one or more operators. Not considered.

[0010] Another known method of providing a remote security lock is disclosed in US Pat.
, 815, 557, provide a direct communication link between the lock and the grantor or the granting system. This direct link has the advantage that the lock can be reconfigured at any time. According to one method, the person wants to release the lock and communicates his will to the grantor or the granting system and properly identifies it. The grantor or the granting system then releases the lock by sending a signal. The reconfigured data may be sent directly to the lock over a communication link. However, this method has the disadvantage that if access is required to send the command and release the lock, the grantor or the granting system must be made available.

Another well-known method of solving the problem of remote security locking is described in US Pat. No. 4,766,746, which likewise locks and authorizes grants for configuring information. Alternatively, a direct communication link between the authorization system and a second communication link between the key and the authorizer or the authorization system is provided. This key requires a PIN to receive communications enabling one or more locks to be released and to confirm that an authorized user is using the key. However, in this method, since the lock must be connected to the wide area communication network, there are disadvantages that the cost is increased, the lock becomes more complicated, and the portability is sometimes limited.

Accordingly, the present invention provides a method and apparatus that can remotely implement security and / or access to valuable items that solve or mitigate the problems with such methods and apparatus today, Or, it is intended to at least allow the general user to make useful choices. Other objects of the present invention can be understood by reading the following description, given solely by way of example, with reference to the accompanying drawings, in which:

[0013]

DISCLOSURE OF THE INVENTION

According to one aspect of the present invention, there is provided a remote access control system adapted to allow one or more operators to remotely control access to one or more high value units. The system comprises:-control data including an identification structure regarding the acceptable operation of the access control device;
Central control means comprising access control data defining operator control of said access control device; and-one or more access controls respectively adapted to selectively inhibit or permit access to high value units. -One or more operator controls with starting means, adapted to allow the operator to interact with the control system;-telecommunications between said central control means and one or more operator controls A first communication means adapted to perform remote communication between the operator control device and one or more access control devices; and a second communication means adapted to perform remote communication between the operator control device and the one or more access control devices. -When communication regarding an access control device and an identification structure is required, the identification structure is exchanged between the central control means and the access control device. Via an operator controller to transfer to the access controller from the central control means and initialize the access controller so that access control data can be accessed by the access controller; A virtual configuration link is created.

The identification structure preferably includes an application template and configuration data for the access control device. Preferably, the access data includes operator control device identification data, operator identification data, and access control device identification data.

[0015] Further, preferably, the identification data and, optionally, all control data are encrypted, and at least the identification data is decrypted only by the selected access control device and the central control means. It is characterized by.

In accordance with yet another aspect of the present invention, there is provided a method for remotely controlling access to high value units by an operator through a control system. The method comprises:-providing, in a central control means, access control data relating to access control to a high-value unit by an associated access control device;-in the central control means, an allowable operation of the access control device. Providing an identification structure with respect to:-enabling interaction with the control system by operating an operator control through a starting means;-via the operator control, the central control means and the access. A first communication means for forming a virtual configuration link with the control device to enable remote communication between the central control means and the operator control device; and From said central control means via a second communication means enabling remote communication between the Transferring the identification structure to an access control device, wherein the identification structure initializes the access control device so that the access control data can be accessed by the access control device to allow access to the high value unit It is constituted by.

[0017] Other aspects of the invention will become apparent from the following description, given by way of example only and with reference to the accompanying drawings, in which:

[0018]

BEST MODE FOR CARRYING OUT THE INVENTION

In this document, a central management node (CMN) or central control means, a personal access node (PAN) or operator controller, and a remote high value node (RV
N) or access control device. The term CMN is used to describe a database / management / communications system that provides RVN identification structure, template and configuration data, access and control information to one or more PANs.

Also, the term PAN refers to an authorized user that has one or more assigned Rs.
It is used to describe a personal access device that can be used when accessing the VN. Thus, the PAN has some form of activation, such as a portable keypad device, as well as communication means that allow communication to the CMN and one or more RVNs.

The term RVN is used to describe an electronic controller associated with any valuable item that requires controllable access. Examples of valuable items (hereinafter "high value units") include shipping containers, security cabinets for sale, vending machines, buildings, and courier bags. These examples also include a remotely controllable locking mechanism. Also, it goes without saying that there are many other types of high-value units with locking mechanisms that can be controlled through the system according to the invention, such as personal security access. Further, the present invention can be used to control access to various high-value units, such as data and information, by security systems other than physical locks. This includes, for example, Internet access, IC card remittance, and access to any type of electronic database.

The presence of the PAN provides an intermediate communication link between the CMN and one or more RVNs. Communication between the CMN and one PAN or each of a plurality of PANs is performed through a wide area data communication means such as a direct serial link by a local PC connection, a one-way or two-way pager network, and a two-way cell phone network. It is.

Communication between the PAN and one or more RVNs is performed through a local area communication means such as an infrared link, a local area RF link, or a direct connection.

The RVN may include a control device and an associated locking mechanism. Also,
For security reasons, the RVN may be located in the associated high value unit. For example, if this item was a shipping container or vending machine, the RV
N is in such a shipping container or vending machine and is preferably communicated by the PAN through remote means, so that access to the RVN is not provided except through access to high value units by PAN operators. become unable.

Certain RVN controllers have program means suitable for storing and implementing the identification structure. The nature of such an identification structure depends on the nature of the high value units controlled by RVN, including at least access combinations. Further, if the item is accessed only at a specific time or date or at a specific location (eg, controlled by a GPS device),
Time and location criteria, control criteria such as how often the unit is accessed, or how long the unit can be accessed after access, user / operator group access criteria, encryption It also includes standardization and decoding standards.

The RVN control device has a plurality of identification structures to accommodate operations performed in many different ways. This identification structure is unique for each RVN application. Each application has an identification structure including a template capable of mounting configuration data adapted to a specific application, and various applications are suitable for various high-value units and various environments.

A system according to the present invention utilizes a virtual configuration link (VCL) between a CMN and one or more RVNs via one or more PANs to provide a CMN.
Can control access to one or more RVNs. The presence of this VCL enables automatic transfer of communication data between the CMN and the RVN when the PAN interfaces with the RVN. The operation of the system of the present invention will be briefly described below with reference to FIG.

The transmission and reception of information is performed in three communication protocol layers: an access layer, an identification layer,
In the system within the VCL layer. The system creates secure virtual links because the information sent from the CMN to the PAN and from the PAN to the RVN is inaccessible at the PAN access layer. Since the access layer does not have access to the cipher, this secure virtual link is not attacked in the PAN.

The access layer passes secure access and control data, such as user interface, PAN identification, user identification, RVN identification, and RVN access and control data. The access layer also controls a remote high-value node for finally permitting or prohibiting access to the high-value unit.

The identification layer controls and passes information on the identification structure of the RVN. The CMN forms an RVN identification structure for determining the operation of the RVN. As mentioned above, the RVN structure also includes an initialization instruction along with the application template and configuration data. If the identification structure disappears, the RVN will call “attack”
Or they will not have any information that would be susceptible to interference. For example, R
If the VN is such as an electronic lock on a shipping container, the lock is a "virtual" lock until an identifier is provided.

A secure VCL is created by encrypting information in the identification structure layer. This information can only be decrypted by the CMN and the RVN and is transmitted by the CMN to the RVN as a VCL data packet of the VCL. The operation of the system according to the invention will be briefly described below.

Each PAN has a unique identification number. PAN is CMN
Is activated by transmitting and receiving the correct identification number. Certain users or operators of the PAN have access or PIN numbers. CMN
One or more user permissions for the PAN are maintained by access or PIN number. In addition, the CMN determines that the PAN accesses at a certain time.
Alternatively, one or more identification numbers of a plurality of RVNs are provided to the PAN. In this way, a single PAN is authorized to access multiple RVNs as scheduled. These identification numbers and access or PIN numbers are transmitted and received as part of the access layer protocol. Communication between the CMN and the PAN is performed through the communication means # 1 (see FIG. 1).

Next, an application template for the RVN or each RVN is created by the CMN as part of the identification layer protocol. Further, configuration data is loaded based on information specifying a combination of, for example, a PAN identification number, an operator identification, an RVN identification, and an operator entry. There are various combinations of information transmitted and received by such a template and configuration data depending on the application of RVN.

This combination of information is encrypted so that only RVN can be decrypted. This prevents the PAN from decrypting the encrypted information, thus forming a secure VCL between the CMN and the remote RVN. Next, the encrypted information is VC
It is downloaded to the PAN as L data packets.

[0034] Once all the required data has been transmitted from the CMN to the PAN and the selected operator has been correctly identified for the PAN using an access or PIN number, the PAN will be re-assigned to the RVN or each RVN. It communicates through communication means # 2 (see FIG. 1) consisting of a local area communication link to. The PAN downloads the VCL data packet to a correctly identified RVN. The RVN controller decrypts this data and makes it available to the RVN identification layer.

At this identification layer, after the RVN reconfigures the application template and loads it into configuration data, it processes this data to initialize the access layer. The configuration data of the application template defines a set of parameters that instruct RVN operation. Although the template is programmed into the RVN, the configuration data may of course be updated by the VCL. Alternatively, the RVN may be programmed with the new template and configuration data via the VCL each time the RVN accesses the PAN.

The presence of the VCL between CMN and RVN allows the operator
Eliminating the need to reconfigure the VN is an important feature of the VCL invention. If reconstruction is required, the necessary data defining the identification structure can be
It only needs to be sent to the AN, the PAN contacts the RVN, and then the new identification structure is automatically programmed into the RVN.

Further, the PAN transmits data to the RVN via the access layer. This data may include operator access and control codes. further,
At the access layer, the RVN examines this information and grants access to high value units.

Of course, it is also possible that each PAN has one or more assigned operators and can be programmed to access one or more RVNs. Also, each RVN can be accessible by more than one PAN, for example, so that a plurality of authorized users can access a building through a door.

The access and control data is “well-known” to the PAN, and the content of such data is, for example, a user identification / PIN number, a PAN identification number, and an access combination.

The PAN creates a virtual security tunnel and creates a V between the CMN and the RVN.
CL is formed. In addition, the CMN creates a VCL data packet by encrypting the identification structure. Since the PAN does not have the required decryption code, it cannot access the encrypted configuration information in the VCL data packet. PA
When N contacts the remote RVN, the VCL data packet information is downloaded to the RVN, which decrypts this information and updates the RVN template and configuration at the identification layer. This allows the RVN to process user level access and control data, and also receive communications from the PAN.

In addition, the RVN can store relevant information about its environment and conditions and send this information back to the CMN through a VCL provided by the PAN. This information provides the owner / operator with a history of the environment of the unit, such as, for example, recording the temperature around or within the RVN at various times, and information about the time elapsed at a particular location. Such useful information is also included. Such information may be downloaded to the CMN via the PAN upon access.

Hereinafter, an example of the operation of the system according to the present invention will be described with specific reference to access control to a shipping container. It will be appreciated that a shipping container does not have a fixed location and is a good example of a high value unit that needs to be accessed by various separate operators at different locations at different times. It is also clear that the invention can be used in many other environments, as already mentioned.

An RVN control device is located in the shipping container for controlling the locking mechanism. There is no physical connection between the RVN and the outside of the shipping container, except for communication means that allow communication between the control unit and the PAN.

Next, FIG. 2 will be described. The remote shipping company 1, which must access the shipping container 2 at the destination port, informs the local shipping company or security manager 3 that access to the shipping container is required. Alternatively, if the RVN in the shipping container is pre-programmed and accessible at a specific location and time, this communication is not required.

The local shipping company or security manager sends permission data to the PAN 4 via the CMN 5 to give this remote company permission to access the designated shipping container. This communication is shown in the figure as being via a locally linked PC connection 6 and a wide area network 7.

The activated PAN transfers the configuration, access and control information to the relevant RVN, which allows access to the shipping container 2. As described above, according to the system of the present invention, the owner / administrator of a high-value unit having no fixed position allows only an authorized user or operator at any time or place to feel confident in a corresponding item. Be able to access. The VCL also provides a means for the CMN to communicate with the RVN, updating its identification structure, ensuring that the identification structure can be updated when needed, and eliminating the expense of individual communication systems. . Also, the unit itself has no means for direct communication with a fixed external keypad or PAN. Further, control information on a specific RVN is held in the CMN, but not held in the RVN itself. Also, the identification structure need only be loaded into the RVN just before access is needed and, if necessary, removed after the access so as not to leave any useful information in the vulnerable RVN. It may be. In addition, data encryption
A secure VCL may be provided between N and RVN to further secure security.

[0048] While specific parts or finished products of the invention having known equivalents have been described above, such equivalents are intended to be included herein as if individually set forth. As described above, the present invention has been described with reference to possible embodiments by way of illustration. However, it goes without saying that various modifications and improvements can be made without departing from the scope and spirit of the present invention.

[Brief description of the drawings]

FIG. 1 is a schematic diagram illustrating the operation of a system according to the present invention.

FIG. 2 is an example in which the system according to the present invention is used for controlling access to a shipping container.

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04M 11/00 301 H04M 11/00 301 (81) Designated country EP (AT, BE, CH, CY, DE, DK, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE), OA (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML, MR, NE, SN, TD, TG), AP (GH, GM, KE, LS, MW, SD, SL, SZ, TZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD) , RU, TJ, TM), AE, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, CA, CH, CN, CR, CU, CZ, E, DK, DM, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK , LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, NO, NZ, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZWF terms (reference) 5K101 KK11 KK13 LL00 PP03 RR16

Claims (24)

[Claims] 1. A remote access control system adapted to allow remote control of access to one or more high-value units by one or more operators, said system comprising: Control data including an identification structure for the operation;
Central control means comprising access control data defining operator control of said access control device; and one or more access control devices respectively adapted to selectively prohibit or permit access to high value units. -One or more operator controls comprising starting means, adapted to allow an operator to interact with the control system; and-remote communication between said central control means and one or more operator controls. First communication means adapted for communication; and second communication means adapted for remote communication between the operator control device and the one or more access control devices; When communication regarding an access control device and an identification structure is required, the identification structure is transferred between the central control means and the access control device. Via an operator control unit, for transfer to the access control unit from the control means, and initialization of the access control unit, so that access control data can be accessed by the access control unit; A configuration link is created. 2. The remote access control system according to claim 1, wherein the identification structure includes an application template and configuration data. 3. The remote control according to claim 1, wherein the access control data includes operator control device identification data, operator identification data, and access control device identification data. system. 4. The remote access control system according to claim 3, wherein the access control data further includes data on conditions for performing an allowable access. 5. The method according to claim 1, wherein the identification structure is encrypted and can be decrypted only by a selected access control device and the central control means. The remote access control system as described. 6. The remote access control system according to claim 1, wherein said control data is encrypted. 7. The remote access control system according to claim 1, wherein the identification structure cannot be accessed by an operator of an operator control device. 8. The remote access control system according to claim 1, wherein said first communication means includes a wide area communication network. 9. The remote access control system according to claim 1, wherein said second communication means includes a wide area communication network. 10. The remote access control system according to claim 8, wherein said second communication means includes a local communication link. 11. The method according to claim 1, wherein the or each access control device comprises a recording means adapted to record data relating to the condition or environment of an associated high value unit. A remote access control system according to any one of the preceding claims. 12. The remote access control system according to claim 11, wherein the record data includes a condition or an environment relating to an access of an operator. 13. The remote access control system according to claim 11, wherein said recording data is transferred to said central control means via said virtual configuration link. 14. The remote access control system according to claim 1, wherein the or each access control device includes a lock mechanism and an electronic control device. 15. A method for remotely controlling access to a high value unit by an operator through a control system, the method comprising:-central control means for controlling access to the high value unit by an associated access control device. Providing data;-providing, in the central control means, an identification structure regarding permissible operation of the access control device;-interacting with the control system by operating an operator control device through a starting means. -Forming a virtual configuration link between said central control means and said access control device via said operator control device, and remote between said central control means and said operator control device; First communication means for enabling communication, the operator control device, Transferring the identification structure from the central control means to the access control device via second communication means enabling remote communication with the access control device, wherein the identification structure initializes the access control device. And making the access control data accessible by the access control device to enable access to the high-value unit. 16. The method of claim 15, wherein the identification data is encrypted and decrypted only by a selected access control device. 17. The method according to claim 1, wherein the control data is encrypted.
5. The method according to 5. 18. The method according to claim 15, wherein the first communication means includes a wide area communication network. 19. The method according to claim 15, wherein the second communication means includes a wide area communication network. 20. The method according to claim 15, wherein the second communication means comprises a local communication link. 21. The method according to claim 21, further comprising recording data relating to the condition or environment of the high-value unit by the access control device, and transferring the data to the central control means via the virtual configuration link. Item 16. The method according to Item 15. 22. The method according to claim 21, wherein the recorded data includes a condition and an environment regarding an operator's access to the high-value unit. 23. A remote access control system as generally described herein and shown in the accompanying drawings. 24. A method for remotely controlling access to high value units as generally described herein with reference to the accompanying drawings and examples.